[AutoPR- Security] Patch giflib for CVE-2026-23868 [HIGH] (#16180)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>

Author: azurelinux-security

SPECS/giflib/CVE-2026-23868.patch

@@ -0,0 +1,33 @@
+From 56172b0dcdf87cba6fca712cb3e4db248195dcbd Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <esr@thyrsus.com>
+Date: Wed, 4 Mar 2026 18:49:49 -0500
+Subject: [PATCH] Avoid potentuial double-free on weird images.
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://raw.githubusercontent.com/Kanishk-Bansal/CVE-Patches/refs/heads/main/0001-Avoid-potentuial-double-free-on-weird-images.patch
+---
+ gifalloc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/gifalloc.c b/gifalloc.c
+index 9cac7e4..4f87bd3 100644
+--- a/gifalloc.c
++++ b/gifalloc.c
+@@ -348,6 +348,14 @@ GifMakeSavedImage(GifFileType *GifFile, const SavedImage *CopyFrom)
+              * problems.
+              */
+ 
++			/* Null out aliased pointers before any allocations
++			 * so that FreeLastSavedImage won't free CopyFrom's
++			 * data if an allocation fails partway through. */
++			sp->ImageDesc.ColorMap = NULL;
++			sp->RasterBits = NULL;
++			sp->ExtensionBlocks = NULL;
++			sp->ExtensionBlockCount = 0;
++ 
+             /* first, the local color map */
+             if (CopyFrom->ImageDesc.ColorMap != NULL) {
+                 sp->ImageDesc.ColorMap = GifMakeMapObject(
+-- 
+2.45.4
+

SPECS/giflib/giflib.spec

@@ -1,7 +1,7 @@
 Name:           giflib
 Summary:        A library and utilities for processing GIFs
 Version:        5.2.1
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -14,6 +14,7 @@ Patch2:         CVE-2022-28506.patch
 Patch3:         CVE-2023-39742.patch
 Patch4:         CVE-2025-31344.patch
 Patch5:         CVE-2021-40633.patch
+Patch6:         CVE-2026-23868.patch
 BuildRequires:  gcc
 BuildRequires:  make
 BuildRequires:  xmlto
@@ -64,13 +65,16 @@ find %{buildroot} -name '*.a' -print -delete
 %{_mandir}/man1/*.1*
 
 %changelog
+* Thu Mar 12 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 5.2.1-11
+- Patch for CVE-2026-23868
+
 * Mon Apr 21 2025 Kanishk Bansal <kanbansal@microsoft.com> - 5.2.1-10
 - Patch CVE-2021-40633 using an upstream patch
 
 * Tue Apr 15 2025 Sudipta Pandit <sudpandit@microsoft.com> - 5.2.1-9
 - Patch CVE-2025-31344
 
-* Fri Feb 14 2024 Kevin Lockwood <v-klockwood@microsoft.com> - 5.2.1-8
+* Fri Feb 14 2025 Kevin Lockwood <v-klockwood@microsoft.com> - 5.2.1-8
 - Patch CVE-2023-39742
 
 * Fri Oct 11 2024 Suresh Thelkar <sthelkar@microsoft.com> - 5.2.1-7